Vulnerability Details : CVE-2012-1723
Public exploit exists!
Used for ransomware!
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Products affected by CVE-2012-1723
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea6:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:icedtea6:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update12:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update13:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update14:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update15:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update16:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update17:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update18:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update19:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update20:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update21:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update22:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update23:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update24:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update25:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update26:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update27:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update28:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update29:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update30:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update34:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.5.0:update35:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update15:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update16:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update17:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update18:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update19:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update20:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update21:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update32_b31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update32_b32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update12:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update13:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update14:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update15:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update16:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update17:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update18:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update19:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update20:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update21:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update12:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update13:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update14:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update15:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update16:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update17:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update18:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update19:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update20:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update21:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update22:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update23:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update24:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update25:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update26:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update27:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update28:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update29:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update30:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update34:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update35:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.5.0:update1:*:*:*:*:*:*
Threat overview for CVE-2012-1723
Top countries where our scanners detected CVE-2012-1723
Top open port discovered on systems with this issue
80
IPs affected by CVE-2012-1723 1,732
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2012-1723!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
CVE-2012-1723 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2012-1723
Added on
2022-03-03
Action due date
2022-03-24
Exploit prediction scoring system (EPSS) score for CVE-2012-1723
96.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2012-1723
-
Java Applet Field Bytecode Verifier Cache Remote Code Execution
Disclosure Date: 2012-06-06First seen: 2020-04-26exploit/multi/browser/java_verifier_field_accessThis module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox, and load additional classes in orde
CVSS scores for CVE-2012-1723
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2024-07-16 |
References for CVE-2012-1723
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16259
Repository / Oval RepositoryBroken Link
-
http://www.ibm.com/support/docview.wss?uid=swg21615246
IBM WebSphere MQ Security Vulnerability: multiple security vulnerabilities in IBM JRE 5.0Broken Link
-
http://rhn.redhat.com/errata/RHSA-2012-0734.html
RHSA-2012:0734 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
Oracle Java Critical Patch Update - June 2012Vendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2012:095
mandriva.comBroken Link
-
http://www.securityfocus.com/bid/53960
Oracle Java SE CVE-2012-1723 Remote Code Execution VulnerabilityBroken Link;Third Party Advisory;VDB Entry
-
http://marc.info/?l=bugtraq&m=134496371727681&w=2
'[security bulletin] HPSBUX02805 SSRT100919 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D' - MARCMailing List
-
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html
[SECURITY] IcedTea6 1.10.8 & 1.11.3 Released!Mailing List
-
http://secunia.com/advisories/51080
Sign inBroken Link
-
http://security.gentoo.org/glsa/glsa-201406-32.xml
IcedTea JDK: Multiple vulnerabilities (GLSA 201406-32) — Gentoo securityThird Party Advisory
Jump to